
282 matches found

Saint
added 2016/04/15 12:0 a.m. | 52 views

vBulletin decodeArguments serialized object vulnerability

Added: 04/15/2016. CVE: CVE-2015-7808. Background: vBulletin is PHP software for building community websites. Problem: A vulnerability in vBulletin 5 Connect allows remote attackers to execute arbitrary PHP code by placing a specially crafted serialized object in the arguments parameter to the...

7.5 CVSS | 7.3 AI score | 0.79043 EPSS
Exploits: 12

OSV
added 2016/04/08 2:59 p.m. | 3 views

DEBIAN-CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8 CVSS | 8 AI score | 0.01459 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2016/04/08 2:59 p.m. | 20 views

CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8 CVSS | 7.4 AI score | 0.01459 EPSS
Exploits: 0 | References: 2

OSV
added 2016/04/08 2:59 p.m. | 1 view

UBUNTU-CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8 CVSS | 7.6 AI score | 0.01459 EPSS
Exploits: 0 | References: 3

Prion
added 2016/04/08 2:59 p.m. | 12 views

Design/Logic Flaw

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

7.5 CVSS | 8 AI score | 0.01459 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2016/04/08 2:0 p.m. | 21 views

CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8 CVSS | 9.7 AI score | 0.01459 EPSS
Exploits: 0

OSV
added 2016/04/05 6:59 p.m. | 2 views

CVE-2016-2000

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 1

CNVD
added 2016/03/23 12:0 a.m. | 1 view

HPE Service Manager (SM) Arbitrary Command Execution Vulnerability

HPE Service Manager (SM) is IT service management software. A security vulnerability in HPE Service Manager (SM) versions 9.3x prior to 9.35 P4 and 9.4x prior to 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object...

10 CVSS | 7.6 AI score | 0.01668 EPSS
Exploits: 0 | References: 1

OSV
added 2016/03/22 10:59 a.m. | 1 view

CVE-2016-1998

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 1

OSV
added 2016/02/10 8:59 p.m. | 2 views

CVE-2016-0958

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object...

7.5 CVSS | 5.8 AI score | 0.00643 EPSS
Exploits: 0 | References: 1

CVE
added 2016/02/10 8:0 p.m. | 66 views

CVE-2016-0958

Adobe Experience Manager versions 5.6.1, 6.0, and 6.1.0 are affected by a Java deserialization vulnerability (CVE-2016-0958). The underlying issue is a deserialization flaw in crafted Java objects that can lead to unspecified impact. Remediation per APSB16-05 is to apply hot fix 8364 to resolve t...

7.8 CVSS | 7.5 AI score | 0.00643 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2016/01/30 3:59 p.m. | 1 view

CVE-2016-1985

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

10 CVSS | 6.1 AI score | 0.03233 EPSS
Exploits: 0 | References: 2

CNVD
added 2016/01/12 12:0 a.m. | 4 views

Apache ActiveMQ Arbitrary Code Execution Vulnerability

Apache ActiveMQ is open source messaging middleware developed by the Apache Software Foundation (United States); it supports Java messaging services, clustering, the Spring Framework and so on. Apache ActiveMQ 5.x versions before 5.13.0 contain a security vulnerability; the vulnerability...

9.8 CVSS | 9.7 AI score | 0.75508 EPSS
Exploits: 4 | References: 1

Prion
added 2015/12/21 3:59 a.m. | 14 views

Design/Logic Flaw

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the...

7.5 CVSS | 8 AI score | 0.01776 EPSS
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2015/12/21 2:0 a.m. | 30 views

CVE-2015-6934

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the...

7.5 AI score | 0.01776 EPSS
Exploits: 1 | References: 2

CNVD
added 2015/12/20 12:0 a.m. | 2 views

Apache Camel Java Object Deserialization Vulnerability

Apache Camel is an open source integration framework based on known enterprise-class integration models. In a Camel router, if camel-jetty or camel-servlet is used as a consumer, Camel will automatically deserialize HTTP requests using content-header: application/x-java-serialized-object, remo...

8.1 CVSS | 9.3 AI score | 0.06832 EPSS
Exploits: 0 | References: 1

NVD
added 2015/12/15 5:59 a.m. | 23 views

CVE-2015-6420

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider;...

9.8 CVSS | 9.7 AI score | 0.212 EPSS
Exploits: 1 | References: 12

Cvelist
added 2015/12/15 2:0 a.m. | 33 views

CVE-2015-6420

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider;...

9.6 AI score | 0.212 EPSS
Exploits: 1 | References: 9

CVE
added 2015/11/25 8:0 p.m. | 141 views

CVE-2015-8103

CVE-2015-8103 affects Jenkins CLI deserialization in the Jenkins core prior to 1.638 (and LTS prior to 1.625.2). A crafted serialized Java object can trigger remote code execution via a vulnerable commons-collections library and the Groovy variant in ysoserial. Impact is remote code execution wit...

9.8 CVSS | 8.6 AI score | 0.86333 EPSS
Exploits: 12 | References: 12 | Affected Software: 1

Check Point Advisories
added 2015/11/25 12:0 a.m. | 7 views

IBM WebSphere Application Server Commons-Collections Library Remote Code Execution (CVE-2015-7450)

A remote code execution vulnerability has been reported in IBM WebSphere Application Server. The vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path. A remote, unauthenticated attacker can exploit this...

10 CVSS | 4.7 AI score | 0.93274 EPSS
Exploits: 10